by tenftcoke on Fri Jul 29, 2011 12:10 am ([msg=60262]see Rate these passwords for security on a scale of one to ten?[/msg])

rate these passwords for 1-10 based on security where 1 = likely to be obained and 10 = unlikely to be obtained

password 1ccccccccccccccccccccccccccccccthis is c repeated 30 times, 30 is just an arbitrary number, 100 is of course optimal. ive found most password fields support up to 30 characters and some (like gmail) support even more up in the 100s. ive also found that most brute force password crackers don't go beyond 15 characters. idk do rainbow fields include passwords like this?run javascript with alert document write loop to get ccc... for copy and paste

password 3Jansshays110@gmail.com;Legoman123@yahoo.com These resemble emails i use with 1 difference. I capitalize the first character of each email unlike the actual emails and theres a space tacked on at the end

password 4escondido44this is the password i use for all my forum accounts (except this one..)

password 5jallokarkos123!this resembles the password i use for all my email accounts

password 6Jallokarkos123! this resembles my paypal password. note that theres a space at the end in addition to the capitalized letter

by pretentious on Fri Jul 29, 2011 9:37 pm ([msg=60330]see Re: Rate these passwords for security on a scale of one to ten?[/msg])

Dictionary attack is likely out of the question for most of them as they are quite random and sticking an '!' after the numbers will prevent cains hybrid attack of adding numbers in front of a password. escondido44 doesn't have this and escondido is the name of a city so there is potential for it to be in a password list, so I would consider that weak. The rest i would probably need to brute force.

tremor77 wrote:they are all fail.

something more like 3Qr7$lJ00xi makes for a better password.

when brute forcing, the strength of the password can probably best be estimated with keyspace = [# of different characters used]^[password length in characters] the keyspace of 30 'c's is [26 lowercase characters tested]^[30] 2.813198901×10⁴². if "3Qr7$lJ00xi" was used the keyspace would be [72 if i calculated it right]^[11] = 2.695612495×10²⁰ making 30 'c's a stronger password. Did i get something wrong tremor77?

Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know Can you say brainwashing It's a non stop disco

by centip3de on Sat Jul 30, 2011 11:04 am ([msg=60346]see Re: Rate these passwords for security on a scale of one to ten?[/msg])

Try a password generator, and different passwords for each site... except for this site and HF, (changed recently) I use a random password generator. For instance, after running it once, I got the output: Fjekgje43kjKj35 , that my friend, is a good password.

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook

by centip3de on Sat Jul 30, 2011 5:13 pm ([msg=60359]see Re: Rate these passwords for security on a scale of one to ten?[/msg])

mShred wrote:

centip3de wrote:Try a password generator, and different passwords for each site. For instance, after running it once, I got the output: Fjekgje43kjKj35

That has to be a bitch to remember.

I make mathematical formula's out of them, or nursery rhymes until it becomes second nature

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook